<?php
	// Access gate: the rest of this script runs only when the session's access
	// value loosely equals '0'. Any other visitor is redirected to
	// HTTP_SERVER.ADMIN_DIR and the script stops. An unset session key compares
	// unequal to '0', so the gate fails closed.
	// NOTE(review): `==` is a loose comparison, so other numeric strings such as
	// '00' or '0.0' also compare equal to '0'. If the session always stores the
	// access list as a string, a strict `===` would be tighter; confirm against
	// the login code before changing it.
	if (!($_SESSION['access'] == '0')) {
		header('Location: ' . HTTP_SERVER . ADMIN_DIR);
		exit;
	}
	
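	// ---- "Add member" form handler ----
	// Runs when the Add button was pressed. A member needs at least a username,
	// a password and one access privilege. If any of those is missing, the
	// submitted values stay in the $add_* variables (presumably so the form can
	// be re-displayed; confirm against the template) and an error goes into $msg.
	// After a successful insert the $add_* variables are reset to empty.
	//
	// NOTE(review): no anti-CSRF token is checked in this block. If the page that
	// includes it does not verify one either, a request forged against a
	// logged-in administrator could create accounts.
	$msg = "";
	$add_username = $add_password = $add_name = $add_email = $add_tel = "";
	$add_cat = array();
	if (isset($_POST['submit']) && $_POST['submit'] == 'Add') {
		// Accept each text field only when it arrived as a string. A missing key or
		// an array-valued parameter (e.g. add_mem_username[]=x) is treated as empty
		// instead of reaching trim() or the query as a non-string.
		$add_username = (isset($_POST['add_mem_username']) && is_string($_POST['add_mem_username'])) ? $_POST['add_mem_username'] : "";
		$add_password = (isset($_POST['add_mem_password']) && is_string($_POST['add_mem_password'])) ? $_POST['add_mem_password'] : "";
		$add_name = (isset($_POST['add_mem_name']) && is_string($_POST['add_mem_name'])) ? $_POST['add_mem_name'] : "";
		$add_email = (isset($_POST['add_mem_email']) && is_string($_POST['add_mem_email'])) ? $_POST['add_mem_email'] : "";
		$add_tel = (isset($_POST['add_mem_tel']) && is_string($_POST['add_mem_tel'])) ? $_POST['add_mem_tel'] : "";

		// The access privileges are imploded below, so they are expected as a list.
		// The original called trim() on that list, which on current PHP versions
		// either throws a TypeError or makes the check fail for every request.
		// Nested arrays are dropped so implode() only ever sees scalars.
		if (isset($_POST['add_mem_access'])) {
			if (is_array($_POST['add_mem_access'])) {
				$add_cat = array_filter($_POST['add_mem_access'], 'is_scalar');
			} elseif (is_string($_POST['add_mem_access']) && trim($_POST['add_mem_access']) !== '') {
				$add_cat = array($_POST['add_mem_access']);
			}
		}

		if (trim($add_username) !== '' && trim($add_password) !== '' && count($add_cat) > 0) {
			// NOTE(review): SQL injection. Every value below is request data
			// concatenated into the statement without escaping or binding. The
			// $db wrapper's API is not visible in this file, so the query is left in
			// its original shape; it must be moved to a parameterised statement (or
			// the wrapper's own escaping) before this page handles real input.
			// NOTE(review): crypt() with a single application-wide SALT gives equal
			// passwords equal hashes, and the algorithm depends on SALT's format
			// (defined elsewhere). password_hash()/password_verify() is the
			// replacement, but the login check has to change in the same commit.
			$db->Query("INSERT INTO member(`username`, `password`, `name`, `email`, `contact_tel`, `access`) VALUES ('".$add_username."', '".crypt($add_password, SALT)."', '".$add_name."', '".$add_email."', '".$add_tel."', '".implode(',', $add_cat)."');");
			$add_username = $add_password = $add_name = $add_email = $add_tel = "";
			$add_cat = array();
		} else {
			$msg = "<span class='error'>Sorry can't add member if they don't have at least a username, password and access privileges set</span>";
		}
	}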

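	// ---- Per-member Update / Delete handler ----
	// Loads every member whose access is not '0' and, for each one, checks whether
	// that member's own submit button ('submit' followed by the first column of the
	// row) was pressed. Processing stops as soon as $msg is non-empty.
	// NOTE(review): $mem[0] is assumed to be the member id because it is used in
	// the WHERE clause; this depends on the column order of `SELECT *`.
	// NOTE(review): no anti-CSRF token is checked in this block. If the including
	// page does not verify one either, a request forged against a logged-in
	// administrator could edit or delete members.
	$db->Query("SELECT * FROM member WHERE access!='0';");
	$members = $db->getResults();
	foreach ($members as $mem) {
		// Only one button can be pressed per request; a missing key means this row
		// was not the one submitted (the original read it unguarded).
		$row_action = isset($_POST['submit'.$mem[0]]) ? $_POST['submit'.$mem[0]] : '';

		if ($row_action == 'Update') {
			// Read each text field only when it arrived as a string; missing or
			// array-valued parameters become ''.
			$row_fields = array();
			foreach (array('username', 'password', 'name', 'email', 'tel') as $row_field) {
				$row_key = 'edit_mem_'.$row_field.$mem[0];
				$row_fields[$row_field] = (isset($_POST[$row_key]) && is_string($_POST[$row_key])) ? $_POST[$row_key] : '';
			}

			// With no privilege box ticked the key is absent; implode() on a
			// non-array is a TypeError on PHP 8, so fall back to an empty list.
			$row_access = array();
			if (isset($_POST['edit_mem_access'.$mem[0]]) && is_array($_POST['edit_mem_access'.$mem[0]])) {
				$row_access = array_filter($_POST['edit_mem_access'.$mem[0]], 'is_scalar');
			}

			// NOTE(review): SQL injection. The values below are request data
			// concatenated into the statement without escaping or binding. The
			// $db wrapper's API is not visible in this file, so the query keeps its
			// original shape; move it to a parameterised statement (or the wrapper's
			// own escaping) before this page handles real input.
			$qry = "UPDATE member
							SET username='".$row_fields['username']."', ";
			// The password is only rewritten when a new one was typed in.
			// NOTE(review): crypt() with one shared SALT; see password_hash().
			if (trim($row_fields['password']) != '') {
				$qry .= "password='".crypt($row_fields['password'], SALT)."', ";
			}
			$qry .= " name='".$row_fields['name']."', 
									email='".$row_fields['email']."',
									contact_tel='".$row_fields['tel']."',
									access='".implode(",", $row_access)."'
							WHERE id='".$mem[0]."';";
			$db->Query($qry);
			// Closing tag corrected: the original opened <span> but closed </div>.
			$msg = "<span class='success'>Update Successfull.</span>";
		} elseif ($row_action == 'Delete') {
			$db->Query("DELETE FROM member WHERE id='".$mem[0]."';");
			$msg = "<span class='info'>Delete Successfull.</span>";
		}

		if ($msg) break;
	}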
?>